netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object

#define CTNL_TIMEOUT_NAME_MAX	32

struct nf_ct_timeout {

	__u16			l3num;

	const struct nf_conntrack_l4proto *l4proto;

	char			data[0];

};

struct ctnl_timeout {

	struct list_head	head;

	struct rcu_head		rcu_head;

	refcount_t		refcnt;

	char			name[CTNL_TIMEOUT_NAME_MAX];

	__u16			l3num;

	const struct nf_conntrack_l4proto *l4proto;

	char			data[0];

	struct nf_ct_timeout	timeout;

};

struct nf_conn_timeout {

	struct ctnl_timeout __rcu *timeout;

	struct nf_ct_timeout __rcu *timeout;

};

static inline unsigned int *

nf_ct_timeout_data(struct nf_conn_timeout *t)

{

	struct ctnl_timeout *timeout;

	struct nf_ct_timeout *timeout;

	timeout = rcu_dereference(t->timeout);

	if (timeout == NULL)

static inline

struct nf_conn_timeout *nf_ct_timeout_ext_add(struct nf_conn *ct,

					      struct ctnl_timeout *timeout,

					      struct nf_ct_timeout *timeout,

					      gfp_t gfp)

{

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

int nf_conntrack_timeout_init(void);

void nf_conntrack_timeout_fini(void);

void nf_ct_untimeout(struct net *net, struct ctnl_timeout *timeout);

void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout);

#else

static inline int nf_conntrack_timeout_init(void)

{

#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

extern struct ctnl_timeout *(*nf_ct_timeout_find_get_hook)(struct net *net, const char *name);

extern void (*nf_ct_timeout_put_hook)(struct ctnl_timeout *timeout);

extern struct nf_ct_timeout *(*nf_ct_timeout_find_get_hook)(struct net *net, const char *name);

extern void (*nf_ct_timeout_put_hook)(struct nf_ct_timeout *timeout);

#endif

#endif /* _NF_CONNTRACK_TIMEOUT_H */

#include <net/netfilter/nf_conntrack_extend.h>

#include <net/netfilter/nf_conntrack_timeout.h>

struct ctnl_timeout *

struct nf_ct_timeout *

(*nf_ct_timeout_find_get_hook)(struct net *net, const char *name) __read_mostly;

EXPORT_SYMBOL_GPL(nf_ct_timeout_find_get_hook);

void (*nf_ct_timeout_put_hook)(struct ctnl_timeout *timeout) __read_mostly;

void (*nf_ct_timeout_put_hook)(struct nf_ct_timeout *timeout) __read_mostly;

EXPORT_SYMBOL_GPL(nf_ct_timeout_put_hook);

static int untimeout(struct nf_conn *ct, void *timeout)

	return 0;

}

void nf_ct_untimeout(struct net *net, struct ctnl_timeout *timeout)

void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout)

{

	nf_ct_iterate_cleanup_net(net, untimeout, timeout, 0, 0);

}

			/* You cannot replace one timeout policy by another of

			 * different kind, sorry.

			 */

			if (matching->l3num != l3num ||

			    matching->l4proto->l4proto != l4num)

			if (matching->timeout.l3num != l3num ||

			    matching->timeout.l4proto->l4proto != l4num)

				return -EINVAL;

			return ctnl_timeout_parse_policy(&matching->data,

							 matching->l4proto, net,

							 cda[CTA_TIMEOUT_DATA]);

			return ctnl_timeout_parse_policy(&matching->timeout.data,

							 matching->timeout.l4proto,

							 net, cda[CTA_TIMEOUT_DATA]);

		}

		return -EBUSY;

		goto err_proto_put;

	}

	ret = ctnl_timeout_parse_policy(&timeout->data, l4proto, net,

	ret = ctnl_timeout_parse_policy(&timeout->timeout.data, l4proto, net,

					cda[CTA_TIMEOUT_DATA]);

	if (ret < 0)

		goto err;

	strcpy(timeout->name, nla_data(cda[CTA_TIMEOUT_NAME]));

	timeout->l3num = l3num;

	timeout->l4proto = l4proto;

	timeout->timeout.l3num = l3num;

	timeout->timeout.l4proto = l4proto;

	refcount_set(&timeout->refcnt, 1);

	list_add_tail_rcu(&timeout->head, &net->nfct_timeout_list);

	struct nlmsghdr *nlh;

	struct nfgenmsg *nfmsg;

	unsigned int flags = portid ? NLM_F_MULTI : 0;

	const struct nf_conntrack_l4proto *l4proto = timeout->l4proto;

	const struct nf_conntrack_l4proto *l4proto = timeout->timeout.l4proto;

	event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);

	nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);

	nfmsg->res_id = 0;

	if (nla_put_string(skb, CTA_TIMEOUT_NAME, timeout->name) ||

	    nla_put_be16(skb, CTA_TIMEOUT_L3PROTO, htons(timeout->l3num)) ||

	    nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, timeout->l4proto->l4proto) ||

	    nla_put_be16(skb, CTA_TIMEOUT_L3PROTO,

			 htons(timeout->timeout.l3num)) ||

	    nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, l4proto->l4proto) ||

	    nla_put_be32(skb, CTA_TIMEOUT_USE,

			 htonl(refcount_read(&timeout->refcnt))))

		goto nla_put_failure;

		if (!nest_parms)

			goto nla_put_failure;

		ret = l4proto->ctnl_timeout.obj_to_nlattr(skb, &timeout->data);

		ret = l4proto->ctnl_timeout.obj_to_nlattr(skb,

							&timeout->timeout.data);

		if (ret < 0)

			goto nla_put_failure;

	if (refcount_dec_if_one(&timeout->refcnt)) {

		/* We are protected by nfnl mutex. */

		list_del_rcu(&timeout->head);

		nf_ct_l4proto_put(timeout->l4proto);

		nf_ct_untimeout(net, timeout);

		nf_ct_l4proto_put(timeout->timeout.l4proto);

		nf_ct_untimeout(net, &timeout->timeout);

		kfree_rcu(timeout, rcu_head);

	} else {

		ret = -EBUSY;

	return matching;

}

static void ctnl_timeout_put(struct ctnl_timeout *timeout)

static void ctnl_timeout_put(struct nf_ct_timeout *t)

{

	struct ctnl_timeout *timeout =

		container_of(t, struct ctnl_timeout, timeout);

	if (refcount_dec_and_test(&timeout->refcnt))

		kfree_rcu(timeout, rcu_head);

	list_for_each_entry_safe(cur, tmp, &net->nfct_timeout_list, head) {

		list_del_rcu(&cur->head);

		nf_ct_l4proto_put(cur->l4proto);

		nf_ct_l4proto_put(cur->timeout.l4proto);

		if (refcount_dec_and_test(&cur->refcnt))

			kfree_rcu(cur, rcu_head);

}

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

static void __xt_ct_tg_timeout_put(struct ctnl_timeout *timeout)

static void __xt_ct_tg_timeout_put(struct nf_ct_timeout *timeout)

{

	typeof(nf_ct_timeout_put_hook) timeout_put;

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

	typeof(nf_ct_timeout_find_get_hook) timeout_find_get;

	const struct nf_conntrack_l4proto *l4proto;

	struct ctnl_timeout *timeout;

	struct nf_ct_timeout *timeout;

	struct nf_conn_timeout *timeout_ext;

	const char *errmsg = NULL;

	int ret = 0;